Step by Step Windows Virtual Desktop Troubleshooting Manual Add VM to HostPool #WVD #RDS #Azure #MSIgnite #MVPBuzz #Cloud

Windows virtual desktop is GA and already there are tons of blog post on how to install windows virtual desktop, first steps on windows virtual desktop.

I see a huge demand on WVD, Customers wants to try this and see the difference between the traditional RDS setup.  And yes its all Azure but thanks can be build and tested. and there comes all the different builds and setups. Different places to go, and management is a pain no GUI available from Microsoft there is only PowerShell. Not a bad thing but testing the windows virtual desktop leaves me multiple tenants and host pools dead.

Well I thought lets do a Step By Step windows virtual desktop, Well not exactly I’ll believe you can follow the wizard in Azure and Do all the prereq’s by your self. In this blog post it could be that not all host pools and tenant names are the same as I had a lot of test WVD configs.

As we all know the Infrastructure that is needed for windows virtual desktop, we also know that a lot can go wrong and then where to look ?

So to start with windows virtual desktop I created a little Powershell script that does step 1

Install-Module -Name Microsoft.RDInfra.RDPowerShell
Import-Module -Name Microsoft.RDInfra.RDPowerShell

#Setup Settings, TenantName of WVD tenant, Hostpool name
$Hostpool       = “WVDpool01”
$HPFriendlyName  = “Win10 + O356”
$TenantName     = “ClusterMVP”
$TenantGroupName = “Default Tenant Group”
$AppGroupName    = “Desktop Application Group”
$AadTenantId    = “111111-2222222-33333”
$subscriptionId = “111111-2222222-33333″
$UPN=”adminclu@clustermvp.local”

#Sign in to Windows Virtual Desktop
Add-RdsAccount -DeploymentUrl “https://rdbroker.wvd.microsoft.com”

#New Tenant Keep in mind that Access rights need to be set before doing the next step.
New-RdsTenant -Name $tenantName -AadTenantId $AadTenantId -AzureSubscriptionId $subscriptionId
#
#Hostpool
#Create new Hostpool
New-RdsHostPool -TenantName $tenantName -FriendlyName $HPFriendlyName -name $hostpool -ValidationEnv $true
Get-RdsHostPool -TenantName $tenantName

 

When Doing these steps I already got errors not on the script but on the basic steps

Get-RdsTenant : User is not authorized to query the management service.

The user is global admin uber god in Azure and in the domain. Well you need to give the account that you are using for the installation access. in the Virtual Desktop APP.

I like to see what happened so often I use an extra Get- to see the values .

But these errors I hate them, Why can it be so hare to deploy some machines and use RDS, Well it’s a 3 fase installer.

• Granting the Domain + subscription
• Powershell stuff to prep things
• Install Azure VM’s

And then the setup needs to embed in your infrastructure. Think I saw a lot of issues, during the first RDMI rollouts I thought this is complicated a created a full rollout script, but things changed during the program and at some points I could not get windows virtual desktop Installed several tries etc not good,

Tons of failure on all kind of errors samples are below.

—————————————————————————————–

VM has reported a failure when processing extension ‘joindomain’

the error is Deployment error: “VMExtensionProvisioningError”.
Details error message are:
{“code”:”DeploymentFailed”,”message”:

Operation ‘Update VM’ is not allowed on VM ‘FIBWVD-0’ since the VM is marked for deletion.

“The resource operation completed with terminal provisioning state ‘Failed’.”

statusCode”: “Conflict”,

“VM has reported a failure when processing extension ‘joindomain’. Error message:
\”Exception(s) occured while joining Domain

Error message: \\\”DSC Configuration

——————————————————————————————–

Well I have multiple Domain names added to my Azure AD and Running a VM as DC with multiple domain names.  Azure Connect syncs them to Azure AD but standard well it depends, That’s why I thought lets create a backwards blog about windows virtual desktop #WVD.

More about errors can be found here 

https://docs.microsoft.com/en-us/azure/virtual-desktop/diagnostics-role-service#common-error-scenarios

 

During all my test I noticed my Tenant Names where in use and different all meshed up. Removing them is easy but also in steps.

First my sample here

Get-RdsHostPool -TenantName ACACOMPUTERS

This shows you the host pools for the login user

get-RdsAppGroup -TenantName ACAComputers -HostPoolName ACA-HostPool

So removing the hostpool is not

Remove-RdsHostPool -TenantName ACAComputers -HostPoolName ACA-HostPool

That seems logical, then lets see the application groups

get-RdsAppGroup -TenantName ACAComputers -HostPoolName ACA-HostPool

There are Two application Groups : the default one and an extra created.

AppGroupName    : Desktop Application Group

AppGroupName    : MVP-WVD

Remove-RdsAppGroup -TenantName ACAComputers -HostPoolName ACA-HostPool -Name “MVP-WVD” –Verbose

even with the verbose nothing no warning no error.

Remove-RdsHostPool -TenantName ACAComputers -HostPoolName ACA-HostPool -Verbose

Now the Hostpool can be removed and no warning

 

Setting up a fresh new installation of WVD is easy, but the first setup is a bit painful but if you follow the steps you can’t go wrong.

GO to the  https://rdweb.wvd.microsoft.com Add the Azure AD ID keep in mind if you are running a CSP subscription or you are not the owner it may that your account is blocked to create enterprise apps then this will fail and you can’t setup WVD.

Do this for Client and Server

Then give the users access to the Windows Virtual Desktop App, these are the installation accounts.

Open the app and add users or groups.

 

Now you can sign in and start the deployment

#Sign in to Windows Virtual Desktop
Add-RdsAccount -DeploymentUrl https://rdbroker.wvd.microsoft.com

 

 

WVD service principal name Powershell

 

You can also use a service principal name

#############

Set users or Create service principal name

# create the service principal:
$aadContext = Connect-AzureAD
$svcPrincipal = New-AzureADApplication -AvailableToOtherTenants $true -DisplayName “Windows Virtual Desktop Svc Principal”
$svcPrincipalCreds = New-AzureADApplicationPasswordCredential -ObjectId $svcPrincipal.ObjectId

#Here are the three credentials you should write down and the cmdlets you need to run to get them
$svcPrincipalCreds.Value
$aadContext.TenantId.Guid
$svcPrincipal.AppId

#Set Rolassignment
New-RdsRoleAssignment -RoleDefinitionName “RDS Owner” -ApplicationId $svcPrincipal.AppId -TenantName $tenantName

#Sign in with the service principal
$creds = New-Object System.Management.Automation.PSCredential($svcPrincipal.AppId, (ConvertTo-SecureString $svcPrincipalCreds.Value -AsPlainText -Force))
Add-RdsAccount -DeploymentUrl “https://rdbroker.wvd.microsoft.com” -Credential $creds -ServicePrincipal -AadTenantId $aadContext.TenantId.Guid

This is All perfect But often I noticed that the WVD host where added to the domain but failed in something, the VM was fine and there was a folder with the deployment agent. and this got me thinking what If you install this on what ever OS, You could even use the WVD portal to connect to your own laptop.

 

Manual ADDING New WVD (Windows virtual desktop) Host to the Pool or a failed on.

The manual add Server to the host pool is also a process when you start with 1 server and add later extra servers to the pool.

but we will need a token to add the WVD host to the pool, like in RDS add the Role not the Role is an agent that is running on the VM

There are several ways to export the key I like them to capture this in screen and to the clipboard.

$WVDToken = New-RdsRegistrationInfo -TenantName $tenantName -HostPoolName $hostpool -ExpirationHours 2
$WVDToken.Token | Set-Clipboard
##
$WVDToken.Token

#When using the Clipboard then use this.
Export-RdsRegistrationInfo -TenantName $tenantName -HostPoolName $hostpool | Select-Object -ExpandProperty Token | Set-Clipboard

Now we have the key but it is only valid for 2 hours.

Now I go to my failed Windows 10 host and start the installation of the Agent.

If you don’t have the Agent installer you can download it. In this case I use a failed WVD host during deployment.

Download and install the Windows Virtual Desktop Agent.

• Download the Windows Virtual Desktop Agent.

Use the Token in the installer

The next installer is the bootloader 

Download and install the Windows Virtual Desktop Agent Bootloader.

• Download the Windows Virtual Desktop Agent Bootloader.

 

Now that the Agent and the Bootloader is installed. We need two more steps.

Download the Windows Virtual Desktop side-by-side stack and run the installer.

As a final step – Download this script to activate the side-by-side stack. Save this as powershell script “ps1” or run this directly.

After running the SxS components you and use the portal  https://rdweb.wvd.microsoft.com/webclient/index.html

In this setup I used the Full desktop – This is also default –

Running this in a Window or use the Remote app in your Windows

• Download the Remote Desktop client here.
• Install the client. You don’t need administrator privileges if you are only installing it for your own user account.
• Open the newly installed Remote Desktop app.
• On the Let’s get started screen, click Subscribe to subscribe to a feed.

Installation source on a failed WVD host

 

[!IMPORTANT] To help secure your Windows Virtual Desktop environment in Azure, we recommend you don’t open inbound port 3389 on your VMs. Windows Virtual Desktop doesn’t require an open inbound port 3389 for users to access the host pool’s VMs. If you must open port 3389 for troubleshooting purposes, we recommend you use just-in-time VM access.

 

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile